CVE-2014-9573

Published: Jan 26, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

1031633

vdb-entry

x_refsource_SECTRACK

[oss-security] 20150116 CVE-2014-9573: SQL Injection in manage_user_page.php

mailing-list

x_refsource_MLIST

https://github.com/mantisbt/mantisbt/commit/7cc4539f

x_refsource_CONFIRM

mantisbt-cve20149573-sql-injection(100210)

vdb-entry

x_refsource_XF

https://www.htbridge.com/advisory/HTB23243

x_refsource_MISC

https://github.com/mantisbt/mantisbt/commit/69c2d28d

x_refsource_CONFIRM

https://www.mantisbt.org/bugs/view.php?id=17937

x_refsource_CONFIRM

https://www.mantisbt.org/bugs/view.php?id=17940

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9573

Description

Affected Products

References